Further modularlize config

Artemis Tosini 2020-11-17 01:51:13 +00:00
parent f5105cea8d
commit fc10d65648
Signed by: artemist
GPG key ID: ADFFE553DCBB831E
13 changed files with 182 additions and 148 deletions


@ -1,96 +1,58 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./private
./system/current
./packages.nix
./fonts.nix
./sets/neovim
];
imports = [
./private
./system/current
./packages.nix
./fonts.nix
];
nix = {
daemonNiceLevel = 5;
daemonIONiceLevel = 1;
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "00:00";
options = "--delete-older-than 14d";
};
trustedUsers = [ "artemis" ];
nix = {
daemonNiceLevel = 5;
daemonIONiceLevel = 1;
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "00:00";
options = "--delete-older-than 14d";
};
trustedUsers = [ "artemis" ];
};
console = {
keyMap = "us";
earlySetup = true;
};
console = {
keyMap = "us";
earlySetup = true;
};
i18n.defaultLocale = "de_DE.UTF-8";
i18n.defaultLocale = "de_DE.UTF-8";
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfree = true;
time.timeZone = "Etc/UTC";
time.timeZone = "Etc/UTC";
environment = {
variables = {
TERMINAL = "alacritty";
# for Sway
MOZ_USE_XINPUT2 = "1";
_JAVA_AWT_WM_NONREPARENTING = "1";
GTK_THEME = "Adwaita-dark";
};
environment = {
variables.TERMINAL = "alacritty";
enableDebugInfo = true;
shellAliases = {
vim = "nvim";
};
};
sound.enable = true;
virtualisation = {
docker.enable = true;
lxd = {
enable = true;
recommendedSysctlSettings = true;
};
};
security.polkit.enable = true;
services = {
avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
userServices = true;
};
};
accounts-daemon.enable = true;
chrony.enable = true;
flatpak.enable = true;
fwupd.enable = true;
kbfs.enable = true;
keybase.enable = true;
logind.extraConfig = "HandlePowerKey=suspend";
pcscd.enable = true;
tor = {
enable = true;
client.enable = true;
};
syncthing = {
enable = true;
user = "artemis";
dataDir = "/home/artemis";
};
udev.packages = [
pkgs.android-udev-rules
(pkgs.callPackage ./externals/rules/adafruit.nix { })
(pkgs.callPackage ./externals/rules/fpga.nix { })
(pkgs.callPackage ./externals/rules/limesuite.nix { })
(pkgs.callPackage ./externals/rules/uhk.nix { })
];
printing = {
@ -98,13 +60,6 @@
drivers = [ pkgs.brlaser ];
};
};
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal-wlr
];
};
hardware = {
bluetooth.enable = true;
@ -117,29 +72,13 @@
};
};
networking = {
firewall.enable = false;
networkmanager = {
enable = lib.mkDefault true;
ethernet.macAddress = "random";
wifi.macAddress = "random";
};
};
networking.firewall.enable = false;
programs = {
adb.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
sway = {
enable = true;
wrapperFeatures.gtk = true;
};
wireshark = {
enable = true;
package = pkgs.wireshark-qt;
};
fish.enable = true;
};
@ -148,14 +87,9 @@
isNormalUser = true;
description = "Artemis Tosini";
uid = 1000;
extraGroups = [ "networkmanager" "wheel" "adbusers" "wireshark" "video" "docker" "lxd" "plugdev" "dialout" ];
extraGroups = [ "wheel" "docker" "lxd" ];
# hashedPassword set in private
};
extraGroups.plugdev = {};
users.root = {
subUidRanges = [ { startUid = 16777216; count = 16777216; } { startUid = config.users.users.artemis.uid; count = 1; } ];
subGidRanges = [ { startGid = 16777216; count = 16777216; } { startGid = 100; count = 1; } ];
};
mutableUsers = false;
};
systemd.extraConfig = "DefaultLimitCORE=infinity";
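Review bot: `extraGroups = [ "wheel" "docker" "lxd" ];` in the users hunk still lists `docker` and `lxd`, although this commit moves the Docker/LXD settings and a matching `artemis.extraGroups = [ "docker" "lxd" ]` into sets/virtualization.nix. Of the host import lists visible on this page, only starlight's adds that set. Membership in either group is effectively root on the host, so it is better granted only where the set that needs it is imported; elsewhere the entries are leftovers that would take effect silently if anything later creates those groups. Because NixOS merges list options across modules, the base can shrink to `extraGroups = [ "wheel" ];`. The enclosing `users` block starts outside the hunk.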


@ -3,16 +3,6 @@
let
llvm = pkgs.llvmPackages_10;
go = pkgs.go_1_15;
wofi = pkgs.wofi.overrideAttrs ( old: {
src = pkgs.fetchhg {
url = old.src.url;
rev = "e3db9b8075e71399bba14a568c59032f47981dab";
sha256 = "07fr1yfls94gxpwv3azgzxm7shjs4g5ribvqrh88flpf4cv5hq2d";
};
} );
openocd = if pkgs.stdenv.cc.isGNU then (pkgs.openocd.overrideAttrs ( old: {
NIX_CFLAGS_COMPILE = old.NIX_CFLAGS_COMPILE ++ [ "-Wno-error=strict-prototypes" ];
})) else pkgs.openocd;
in
{
environment.systemPackages = (with pkgs; [
@ -54,7 +44,6 @@ in
gparted
hdparm
iptables
krb5
lm_sensors
manpages
nethogs
@ -77,22 +66,6 @@ in
ntfs3g
udftools
# Wayland tools
dex
glib
grim
imagemagick
libnotify
mako
polkit_gnome
slurp
wf-recorder
wl-clipboard
wofi
xdg-user-dirs
xdg_utils
xsettingsd
# Useful CLI tools
age
appimage-run
@ -172,12 +145,6 @@ in
valgrind
yarn
# Embedded
kicad-unstable
openocd
stlink
(callPackage ./externals/packages/jlink { })
# Radio
gr-limesdr
limesuite
@ -186,15 +153,6 @@ in
gqrx
# Hacking tools
aircrack-ng
fusee-launcher
ghidra-bin
insomnia
ncat
pcsctools
pwndbg
python37Packages.binwalk-full
python37Packages.shodan
# Security
(pass.withExtensions (exts: [ exts.pass-otp ]))


@ -1,6 +1,9 @@
{ pkgs, ... }:
{
services.udev.packages = [
(pkgs.callPackage ../externals/rules/fpga.nix { })
];
environment.systemPackages = with pkgs; [
# Synthesis
icestorm

22
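--- a/sets/hacking.nix
+++ b/sets/hacking.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+{
+programs = {
+adb.enable = true;
+wireshark = {
+enable = true;
+package = pkgs.wireshark-qt;
+};
+};
+environment.systemPackages = with pkgs; [
+aircrack-ng
+fusee-launcher
+ncat
+pcsctools
+pwndbg
+python37Packages.binwalk-full
+python37Packages.shodan
+];
+users.users.artemis.extraGroups = [ "adbusers" "wireshark" ];
+}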
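Review bot: `users.users.artemis.extraGroups = [ "adbusers" "wireshark" ];` makes importing this set a privilege grant rather than only a package selection, and nothing in the file says so. With `programs.wireshark.enable`, members of `wireshark` can capture traffic on the host's interfaces without root, and `adbusers` gives access to attached Android devices. A short comment above the line would make that visible to whoever adds the set to another host, for example `# wireshark: unprivileged packet capture; adbusers: USB access to Android devices`. `ghidra-bin` and `insomnia` from the `# Hacking tools` list removed earlier on this page are not carried over here; if that was not intended, they need re-adding.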

26
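--- a/sets/hardware.nix
+++ b/sets/hardware.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+let
+openocd = if pkgs.stdenv.cc.isGNU then (pkgs.openocd.overrideAttrs ( old: {
+NIX_CFLAGS_COMPILE = old.NIX_CFLAGS_COMPILE ++ [ "-Wno-error=strict-prototypes" ];
+})) else pkgs.openocd;
+in
+{
+services.udev.packages = [
+(pkgs.callPackage ../externals/rules/adafruit.nix { })
+(pkgs.callPackage ../externals/rules/limesuite.nix { })
+openocd
+];
+environment.systemPackages = with pkgs; [
+kicad-unstable
+openocd
+stlink
+(callPackage ../externals/packages/jlink { })
+];
+users = {
+users.artemis.extraGroups = [ "plugdev" "dialout" ];
+extraGroups.plugdev = {};
+};
+}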
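Review bot: `openocd` in `services.udev.packages` is new behaviour inside a commit described as modularisation; the `udev.packages` list shown in the base config holds only the android, adafruit, fpga, limesuite and uhk rules. OpenOCD's packaged rules normally open supported debug probes to the `plugdev` group, which this file also creates and adds `artemis` to, so the set presumably widens device access on every host that imports it. If that is intended, say so in the commit message or in a comment next to the entry, such as `# openocd ships udev rules that give plugdev access to debug adapters`.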


@ -1,6 +1,10 @@
{ config, pkgs, ... }:
{
imports = [
./networkmanager.nix
];
services = {
tlp.enable = true;
upower.enable = true;

9
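--- a/sets/networkmanager.nix
+++ b/sets/networkmanager.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+networking.networkmanager = {
+enable = true;
+ethernet.macAddress = "random";
+wifi.macAddress = "random";
+};
+users.users.artemis.extraGroups = [ "networkmanager" ];
+}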
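Review bot: `enable = true;` drops the `lib.mkDefault` that the base config used for NetworkManager, so a host that imports this set, directly or through the set that imports `./networkmanager.nix`, can only turn it off again with `lib.mkForce`. The starlight config removes its `networking.networkmanager.enable = false;` in this same commit, which holds only as long as that host never pulls this file in. Keeping the overridable default costs two lines: `{ lib, ... }:` as the argument set and `enable = lib.mkDefault true;`.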

52
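--- a/sets/sway.nix
+++ b/sets/sway.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, ... }:
+let
+wofi = pkgs.wofi.overrideAttrs ( old: {
+src = pkgs.fetchhg {
+url = old.src.url;
+rev = "e3db9b8075e71399bba14a568c59032f47981dab";
+sha256 = "07fr1yfls94gxpwv3azgzxm7shjs4g5ribvqrh88flpf4cv5hq2d";
+};
+} );
+in
+{
+security.polkit.enable = true;
+services = {
+accounts-daemon.enable = true;
+logind.extraConfig = "HandlePowerKey=suspend";
+};
+xdg.portal = {
+enable = true;
+extraPortals = with pkgs; [
+xdg-desktop-portal-gtk
+xdg-desktop-portal-wlr
+];
+};
+sound.enable = true;
+programs.sway = {
+enable = true;
+wrapperFeatures.gtk = true;
+extraSessionCommands = ''
+export MOZ_USE_XINPUT2=1
+export _JAVA_AWT_WM_NONREPARENTING=1
+export GTK_THEME=Adwaita-dark
+'';
+};
+environment.systemPackages = with pkgs; [
+dex
+glib
+grim
+imagemagick
+libnotify
+mako
+polkit_gnome
+slurp
+wf-recorder
+wl-clipboard
+wofi
+xdg-user-dirs
+xdg_utils
+xsettingsd
+];
+}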
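Review bot: The `wofi` override pins `rev` and `sha256` but takes `url = old.src.url` from whatever nixpkgs currently ships, and nothing records why this revision is needed. The hash keeps the fetched content from changing silently, but once nixpkgs moves past this revision the override becomes a downgrade that skips upstream fixes. A change of the upstream URL would then surface as a build failure with no hint at the cause. A comment above the `let` binding stating the reason for the pin and the condition for dropping it would cover this, e.g. `# pinned for <reason>; remove once nixpkgs wofi >= <version>`.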

19
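--- a/sets/virtualization.nix
+++ b/sets/virtualization.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+virtualisation = {
+docker.enable = true;
+lxd = {
+enable = true;
+recommendedSysctlSettings = true;
+};
+};
+users.users = {
+artemis.extraGroups = [ "docker" "lxd" ];
+root = {
+subUidRanges = [ { startUid = 16777216; count = 16777216; } { startUid = config.users.users.artemis.uid; count = 1; } ];
+subGidRanges = [ { startGid = 16777216; count = 16777216; } { startGid = 100; count = 1; } ];
+};
+};
+}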
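Review bot: `artemis.extraGroups = [ "docker" "lxd" ];` and the two single-id ranges delegated to `root` are undocumented, and both are security-relevant. Either group lets the user obtain root on the host through the daemon, and the `count = 1` entries appear to exist so that a container id can be mapped directly onto the host user (uid from `config.users.users.artemis.uid`) and onto gid 100; a comment should say so. The gid is hard-coded while the uid is looked up; assuming 100 is meant to be the `users` group, `startGid = config.users.groups.users.gid;` keeps the two consistent. The `16777216` base and count would also benefit from a one-line explanation.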


@ -5,9 +5,12 @@
./boot-config.nix
./secure-boot.nix
./hardware-configuration.nix
../../sets/gpu/intel.nix
../../sets/cpu/intel.nix
../../sets/gpu/intel.nix
../../sets/hacking.nix
../../sets/laptop.nix
../../sets/neovim
../../sets/sway.nix
];
networking.hostName = "rainbowdash";


@ -4,10 +4,13 @@
imports = [
./boot-config.nix
./hardware-configuration.nix
../../services/ssh.nix
../../sets/gpu/intel.nix
../../sets/cpu/intel.nix
../../sets/gpu/intel.nix
../../sets/hacking.nix
../../sets/laptop.nix
../../sets/neovim
../../sets/ssh.nix
../../sets/sway.nix
];
networking.hostName = "spike";


@ -5,11 +5,16 @@
./boot-config.nix
./hardware-configuration.nix
./nginx.nix
../../services/ssh.nix
../../private/starlight.nix
../../sets/cpu/amd.nix
../../sets/fpga.nix
../../sets/gpu/amd.nix
../../sets/cpu/amd.nix
../../private/starlight.nix
../../sets/hacking.nix
../../sets/hardware.nix
../../sets/neovim
../../sets/ssh.nix
../../sets/sway.nix
../../sets/virtualization.nix
];
networking.hostName = "starlight";
@ -19,7 +24,6 @@
KERNEL=="eth*", ATTR{address}=="00:0f:53:16:15:9d", NAME="lan10g1"
'';
networking.networkmanager.enable = false;
networking.bridges.br0 = {
rstp = true;
interfaces = [ "lan10g0" "lan10g1" "enp4s0" ];
@ -33,12 +37,9 @@
};
networking.dhcpcd.allowInterfaces = [ "br0" ];
hardware.cpu.amd.updateMicrocode = true;
services = {
tor = {
enable = true;
client.enable = true;
};
services.tor = {
enable = true;
client.enable = true;
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];